CVE-2025-49154

Published: Jun 17, 2025Modified: Oct 6, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Affected (6)

Products: Trendmicro: Worry Free Business Security, Worry Free Business Security Services, Apex One

Trendmicro

3 products

Worry Free Business Security

Worry Free Business Security Services

Apex One

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Trendmicro Worry Free Business Security	Version 10.0 sp1
Trendmicro Worry Free Business Security	Version 10.0 sp1
Trendmicro Worry Free Business Security Services	From 14.0.0 to 14.3.1299
Trendmicro Worry Free Business Security Services	From 6.7.0.0 to 6.7.3954

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Trendmicro Apex One	From 14.0.0.12994 to 14.0.0.14002
Trendmicro Apex One	Before 14.0.14492

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://success.trendmicro.com/en-US/solution/KA-0019917

Source: security@trendmicro.com

Vendor Advisory

https://success.trendmicro.com/en-US/solution/KA-0019936

Source: security@trendmicro.com

Vendor Advisory

Timeline

No history available yet.